This policy can be loaded dynamically, and assigns each process a
partition number, as well as permitting processes to operate outside
the partition. Processes contained in a partition can only "see"
processes inside the same partition, so it's a little like jail.
The partition of a user can be set using the label mechanisms in
login.conf. This sample policy is a good starting point for developers
wanting to learn about how to produce labeled policies, as it labels
only one kernel object, the process credential.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories